CVE-2023-2649

Name of the Vulnerable Software and Affected Versions Tenda AC23 version 16.03.07.45 cn

Description The issue is related to insufficient argument checking in the Service Port 7329 component of the Tenda AC23 router's firmware, which can lead to command injection. This can be exploited by a remote attacker to execute arbitrary commands. The manipulation of the v2 argument is the key to this vulnerability. The attack can be initiated remotely.

Recommendations For Tenda AC23 version 16.03.07.45 cn, as a temporary workaround, consider restricting access to the Service Port 7329 component until a patch is available. Avoid using the v2 argument in the affected command until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.